On Tuesday, the cybersecurity firm Fox IT reported a large-scale Google ad campaign distributed by the Google advertising partner in Bulgaria – Engage Lab. Engagelab.com’s users were redirected to a domain, which on the other hand, was redirecting them to the Nuclear Exploit Kit.
Exploit kits (EKs) are web-based attack platforms and are among the fastest growing security threats today. One of the most malicious ones is the Black Hole EK, which was stopped in 2013 due its creators being arrested. Dog, other exploit kits followed. One of them was the Nuclear EK.
The Nuclear Exploit Kit targets vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight software.
Since the domains for the EK were not directly used for redirection and a security site was used in between, to migrate the threat, Fox IT suggested “blocking the website between the legitimate websites and the exploit kit.”
Although the redirects stopped later that day, meaning that either Google or their Bulgarian partner Engage Lab had taken action, these attacks are still considered particularly dangerous. The reason behind is that users might be avoiding questionable websites in order to protect their systems, but these attacks may occur on well-trusted websites. The hackers only need to inject malicious ads onto a large advertising network successfully.